Add multi-account VPC discovery via AWS Transit Gateway by RomanMelnyk113 · Pull Request #669 · castai/kvisor

RomanMelnyk113 · 2026-03-12T14:51:25Z

Automatically discovers VPCs connected via AWS Transit Gateway so that netflow records include correct zone/region attribution for cross-account traffic - previously this required manual static CIDR mappings

Enumerates TGW attachments for the cluster VPC, then fetches subnets from remote accounts via cross-account STS role assumption
For cross-region TGW peering, resolves the peer TGW region and discovers VPCs behind it
When --cloud-provider-aws-cross-account-role template is set then cross-account discovery will kick in
Falls back to TGW route-table CIDRs (region-level only, no AZ detail) when cross-account IAM role isn't configured
Updated docs/CLOUD.md to cover AWS TGW auto discovery feature
Improved logging overall in related places

…ions

cmd/controller/controllers/vpc_state_controller.go

pkg/cloudprovider/aws/transit_gateway.go

RomanMelnyk113 added 5 commits March 10, 2026 13:34

implement public cloud cidrs sync without need to provide any permiss…

e7aaab2

…ions

rename

31ab919

add tests

940dc85

init

d9e5c37

apply fixes

049613b

RomanMelnyk113 marked this pull request as draft March 12, 2026 14:51

RomanMelnyk113 added 10 commits March 16, 2026 19:09

add logs

2af4407

fetch TGW subnets

5d84476

discover peering tgw vpcs

d3c99ab

improve logging

bdede04

improve logging

e7823f5

update docs to handle TGW discovery scenarios

0ca7205

update integration test

14c3df5

add tgw tests to index vpc

962b762

update doc

2a5aa03

add account validation

be06e27

RomanMelnyk113 changed the title ~~Network aws multi account vpc support~~ Add multi-account VPC discovery via AWS Transit Gateway Mar 18, 2026

Merge branch 'main' into network-aws-multi-account-vpc-support

db28afe

RomanMelnyk113 marked this pull request as ready for review March 18, 2026 12:17

RomanMelnyk113 added 3 commits March 18, 2026 14:50

fix typo

1002811

revert changes

024be31

fix tgw region usage

02e5b69

RomanMelnyk113 commented Mar 18, 2026

View reviewed changes

cmd/controller/controllers/vpc_state_controller.go Outdated Show resolved Hide resolved

patrickpichler reviewed Mar 19, 2026

View reviewed changes

pkg/cloudprovider/aws/transit_gateway.go Outdated Show resolved Hide resolved

patrickpichler reviewed Mar 19, 2026

View reviewed changes

pkg/cloudprovider/aws/transit_gateway.go Outdated Show resolved Hide resolved

patrickpichler approved these changes Mar 19, 2026

View reviewed changes

RomanMelnyk113 added 4 commits March 26, 2026 16:19

update comments

1b16876

handle duplicated attachments

89d529b

fix fallback peered tgw vpcs logic

8224c9c

update comment

9b2bc4c

RomanMelnyk113 added 5 commits March 26, 2026 17:39

simplify refresh network state logic

c693de4

always assign same local region for same TGW attachments

99b8edd

optimize region usage

47f5093

add more logs

5f82203

update docs

248bc4f

RomanMelnyk113 merged commit 4c0f1e3 into main Mar 27, 2026
3 checks passed

RomanMelnyk113 deleted the network-aws-multi-account-vpc-support branch March 27, 2026 09:38

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add multi-account VPC discovery via AWS Transit Gateway#669

Add multi-account VPC discovery via AWS Transit Gateway#669
RomanMelnyk113 merged 28 commits intomainfrom
network-aws-multi-account-vpc-support

RomanMelnyk113 commented Mar 12, 2026 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

RomanMelnyk113 commented Mar 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

RomanMelnyk113 commented Mar 12, 2026 •

edited

Loading